Answer the question
In order to leave comments, you need to log in
D
D
Dmitry Kartashov2015-11-18 19:50:26
Dmitry Kartashov, 2015-11-18 19:50:26
How to understand DMARC reports?
Here comes the reports from gmail
<record> <row> <source_ip><b>2a00:1450:400c:c09::231</b></source_ip> <count>1</count> <policy_evaluated> <disposition>none</disposition> <dkim>pass</dkim> <spf>fail</spf> </policy_evaluated> </row> <identifiers> <header_from>slap.com.ua</header_from> </identifiers> <auth_results> <dkim> <domain>slap.com.ua</domain> <result>pass</result> </dkim> <spf> <domain>rally.in.ua</domain> <result>pass</result> </spf> </auth_results> </record>
DNS entry v=DMARC1; aspf=s; sp=reject; rua=mailto:[email protected];
This IP6 is of interest: 2a00:1450:400c:c09::231
This is a Google IP, what does it do in the report?
And what does the rally.in.ua domain do in the report?)
Thank you
3 answer(s)
@Kartashoff
V
Vladimir Dubrovin, 2015-12-10 @Kartashoff
If it's still relevant -
2a00:1450:400c:c09::231 - IP from which the letter came
The From: header contained the slap.com.ua domain, so DMARC was checked for it. The letter was signed by the DKIM of the slap.com.ua domain, so the DKIM letter was authenticated, i.e. DMARC also passed.
However, in the SMTP envelope (SMTP MAIL FROM:) there was a rally.in.ua domain, so the SPF for the letter did not pass, because no align identifiers.
Most likely a recipient with an address in the Rally domain.in.ua hosted by GMail costs redirecting mail to a mailbox in your @slap.com.ua domain. When redirecting, GMail changes the sender address in the envelope, but does not change in the headers. An email from your user went to GMail and was forwarded back to you from there. Therefore, DMARC-SPF failed on it and DMARC-DKIM passed - this is an expected situation.
Similar questions
D
R
H
V
P
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question